pkexec: PATH environment variable

The `PATH` environment variable is hard-code here:

We don't have any executable in these paths in guix:

```

/usr/sbin:/usr/bin:/sbin:/bin:/root/bin

```

Replicate the issue:

1. Run the `pkexec`

2. Enter your password

3. run `echo $PATH` in the opened terminal

4. You will see this path: `/usr/sbin:/usr/bin:/sbin:/bin:/root/bin`

5. You can't run most of the commands. (`ls`, `passwd`, `chpasswd` and so on.)

Expected Behavior:

Running all of the commands without any error.

Isn't it? Should not we patch the `PATH` environment variable in `pkexec` source codes? Either way, some applications like `lxqt-admin-user` and `lxqt-admin-time` has an issue and they can't run the commands via `pkexec`. I get this error when I want to change user password via `lxqt-admin-user`. It's using `pkexec` to change password.

```

/run/current-system/profile/bin/lxqt-admin-user-helper: line 7: exec: passwd: not found

```

--

Hamzeh Nasajpour

PantherX Team

Hi,

Am Sonntag, den 21.11.2021, 11:33 +0330 schrieb Hamzeh Nasajpour:

I'm getting some flashbacks from my ITSec courses here. pkexec is

protecting itself against a malicious PATH attack. The paths are

chosen somewhat arbitrarily, but on traditional distros this ought to

ensure, that no privilege escalation occurs. We could inject

/run/current-system, given that /run likewise ought to be root-writable

only, but I'm not sure how much that helps. The obvious solution is to

use canonical (store) paths with pkexec.

Cheers

Hi Lillana,

Thanks for your response and sorry for delay.

Honestly, I couldn't find out your solution. Can you clarify it?

Regards,

--

Hamzeh Nasajpour

PantherX Team

Am Sonntag, dem 28.11.2021 um 11:09 +0330 schrieb Hamzeh Nasajpour:

That is instead of writing "pkexec sh", write "pkexec /run/current-

system/profile/bin/sh" or similar.

Cheers